Those of you who have read more than one of these missives (thank you, thank you) may have noticed our fascination with the activities of the REvil ransomware group.
For those not up to speed, here is a REvil primer.
REvil (Ransomware Evil, see what they did there) is a Russian-speaking cybercriminal gang that, as the name suggests, focuses on encrypting, copying and holding data for ransom. As well as the usual scattergun approach, often against specific verticals, REvil meticulously plans and executes ‘spectaculars’.
REvil is believed to be closely associated (coughs ‘same outfit’ into sleeve) with the Darkside group – they use similar code, at least the bit that checks the victim is not in a Commonwealth of Independent States (CIS) country – and is possibly the offspring of the now dormant GandCrab outfit.
REvil arrived on the scene in May 2020 with an attack on the one and only Donald Trump. REvil pretty much invented the two-pronged attack: as well as encrypting the data, if a ransom is not received they start publishing it on their Happy Blog site, and true to form they published 169 emails related to and involving President Trump.
After this attack, they took all of their servers off the air. We suggested at the time that we thought they would be back, and so it has transpired (no need to upgrade the crystal ball just yet). Reports this week suggest that they are back up and running, which, given this announcement from Microsoft about a viable, published and in-use vulnerability against components of Internet Explorer, should be cause for serious concern.
We have always known that the youth (under thirty-something) have less regard for security than those longer in the tooth and greyer or lesser of hair. In a ‘none of the brown stuff, Sherlock’ moment, research outfit Wolf Security (part of HP) released this report, which is fascinating reading and highlights the double whammy of a rush to the hybrid model (Covid) and the knock-on effects of compromising security to get something working in a hurry. This is something we see many organisations trying to remedy with the wheels still turning, and it is apparently annoying the younger workforce.
Tiberium’s managed services FROST and MYTHIC provide management and control of our customers’ security with low user touch. We also help our customers get the best value from their licensing investment and provide data to plan ongoing strategies.
We would very much appreciate the opportunity to show you our platform, which goes a long way to preventing ransomware from day one, in fact in many cases in much less than one day. Please contact us for a chat and a demo.
Having warned of a potential issue in its ACI (Azure Container Instances) platform, which enables customers to run containers in an environment managed by Microsoft, Microsoft has very quickly patched it. This is good news because, in what appears to be the first vulnerability of this type, it enabled one customer to break out of their container and into someone else’s to snaffle their data.
We think that this sort of attack will become a new theatre of activity for the serious players. So do the NSA and CISA, who have gone so far as to produce hardening guidance for Kubernetes.
By a total coincidence, we were made aware of a Kubernetes debugging document this week. Its complexity is, as one of our associates said, ‘beyond parody’.
If you want to know how to debug Kubernetes, want a nice picture for your wall or just fancy a good old laugh, check this out. It is worth it. With complexity like this, security is just waiting to be compromised. Be careful.
The song Back Once Again For The Renegade Master was released by musician and DJ Roger McKenzie (RIP) in 1995. It has the words ‘D 4 Damager’ in it, which confused us, until we found one in Portobello Market.